An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.
References
Link | Resource |
---|---|
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-netgear-wnr1000v4-round-2/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-02T15:06:24
Updated: 2020-03-02T15:06:24
Reserved: 2020-03-02T00:00:00
Link: CVE-2019-20488
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-02T16:15:12.160
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-20488
JSON object: View
Redhat Information
No data.
CWE